1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
6 use Pleroma.Web.ConnCase
9 alias Pleroma.UserInviteToken
10 import Pleroma.Factory
12 describe "/api/pleroma/admin/users" do
14 admin = insert(:user, info: %{is_admin: true})
19 |> assign(:user, admin)
20 |> put_req_header("accept", "application/json")
21 |> delete("/api/pleroma/admin/users?nickname=#{user.nickname}")
23 assert json_response(conn, 200) == user.nickname
27 admin = insert(:user, info: %{is_admin: true})
31 |> assign(:user, admin)
32 |> put_req_header("accept", "application/json")
33 |> post("/api/pleroma/admin/users", %{
35 "email" => "lain@example.org",
39 assert json_response(conn, 200) == "lain"
43 describe "/api/pleroma/admin/users/:nickname" do
44 test "Show", %{conn: conn} do
45 admin = insert(:user, info: %{is_admin: true})
50 |> assign(:user, admin)
51 |> get("/api/pleroma/admin/users/#{user.nickname}")
54 "deactivated" => false,
55 "id" => to_string(user.id),
57 "nickname" => user.nickname,
58 "roles" => %{"admin" => false, "moderator" => false},
62 assert expected == json_response(conn, 200)
65 test "when the user doesn't exist", %{conn: conn} do
66 admin = insert(:user, info: %{is_admin: true})
71 |> assign(:user, admin)
72 |> get("/api/pleroma/admin/users/#{user.nickname}")
74 assert "Not found" == json_response(conn, 404)
78 describe "/api/pleroma/admin/users/follow" do
79 test "allows to force-follow another user" do
80 admin = insert(:user, info: %{is_admin: true})
82 follower = insert(:user)
85 |> assign(:user, admin)
86 |> put_req_header("accept", "application/json")
87 |> post("/api/pleroma/admin/users/follow", %{
88 "follower" => follower.nickname,
89 "followed" => user.nickname
92 user = User.get_cached_by_id(user.id)
93 follower = User.get_cached_by_id(follower.id)
95 assert User.following?(follower, user)
99 describe "/api/pleroma/admin/users/unfollow" do
100 test "allows to force-unfollow another user" do
101 admin = insert(:user, info: %{is_admin: true})
103 follower = insert(:user)
105 User.follow(follower, user)
108 |> assign(:user, admin)
109 |> put_req_header("accept", "application/json")
110 |> post("/api/pleroma/admin/users/unfollow", %{
111 "follower" => follower.nickname,
112 "followed" => user.nickname
115 user = User.get_cached_by_id(user.id)
116 follower = User.get_cached_by_id(follower.id)
118 refute User.following?(follower, user)
122 describe "PUT /api/pleroma/admin/users/tag" do
124 admin = insert(:user, info: %{is_admin: true})
125 user1 = insert(:user, %{tags: ["x"]})
126 user2 = insert(:user, %{tags: ["y"]})
127 user3 = insert(:user, %{tags: ["unchanged"]})
131 |> assign(:user, admin)
132 |> put_req_header("accept", "application/json")
134 "/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=#{
136 }&tags[]=foo&tags[]=bar"
139 %{conn: conn, user1: user1, user2: user2, user3: user3}
142 test "it appends specified tags to users with specified nicknames", %{
147 assert json_response(conn, :no_content)
148 assert User.get_cached_by_id(user1.id).tags == ["x", "foo", "bar"]
149 assert User.get_cached_by_id(user2.id).tags == ["y", "foo", "bar"]
152 test "it does not modify tags of not specified users", %{conn: conn, user3: user3} do
153 assert json_response(conn, :no_content)
154 assert User.get_cached_by_id(user3.id).tags == ["unchanged"]
158 describe "DELETE /api/pleroma/admin/users/tag" do
160 admin = insert(:user, info: %{is_admin: true})
161 user1 = insert(:user, %{tags: ["x"]})
162 user2 = insert(:user, %{tags: ["y", "z"]})
163 user3 = insert(:user, %{tags: ["unchanged"]})
167 |> assign(:user, admin)
168 |> put_req_header("accept", "application/json")
170 "/api/pleroma/admin/users/tag?nicknames[]=#{user1.nickname}&nicknames[]=#{
175 %{conn: conn, user1: user1, user2: user2, user3: user3}
178 test "it removes specified tags from users with specified nicknames", %{
183 assert json_response(conn, :no_content)
184 assert User.get_cached_by_id(user1.id).tags == []
185 assert User.get_cached_by_id(user2.id).tags == ["y"]
188 test "it does not modify tags of not specified users", %{conn: conn, user3: user3} do
189 assert json_response(conn, :no_content)
190 assert User.get_cached_by_id(user3.id).tags == ["unchanged"]
194 describe "/api/pleroma/admin/users/:nickname/permission_group" do
195 test "GET is giving user_info" do
196 admin = insert(:user, info: %{is_admin: true})
200 |> assign(:user, admin)
201 |> put_req_header("accept", "application/json")
202 |> get("/api/pleroma/admin/users/#{admin.nickname}/permission_group/")
204 assert json_response(conn, 200) == %{
206 "is_moderator" => false
210 test "/:right POST, can add to a permission group" do
211 admin = insert(:user, info: %{is_admin: true})
216 |> assign(:user, admin)
217 |> put_req_header("accept", "application/json")
218 |> post("/api/pleroma/admin/users/#{user.nickname}/permission_group/admin")
220 assert json_response(conn, 200) == %{
225 test "/:right DELETE, can remove from a permission group" do
226 admin = insert(:user, info: %{is_admin: true})
227 user = insert(:user, info: %{is_admin: true})
231 |> assign(:user, admin)
232 |> put_req_header("accept", "application/json")
233 |> delete("/api/pleroma/admin/users/#{user.nickname}/permission_group/admin")
235 assert json_response(conn, 200) == %{
241 describe "PUT /api/pleroma/admin/users/:nickname/activation_status" do
242 setup %{conn: conn} do
243 admin = insert(:user, info: %{is_admin: true})
247 |> assign(:user, admin)
248 |> put_req_header("accept", "application/json")
253 test "deactivates the user", %{conn: conn} do
258 |> put("/api/pleroma/admin/users/#{user.nickname}/activation_status", %{status: false})
260 user = User.get_cached_by_id(user.id)
261 assert user.info.deactivated == true
262 assert json_response(conn, :no_content)
265 test "activates the user", %{conn: conn} do
266 user = insert(:user, info: %{deactivated: true})
270 |> put("/api/pleroma/admin/users/#{user.nickname}/activation_status", %{status: true})
272 user = User.get_cached_by_id(user.id)
273 assert user.info.deactivated == false
274 assert json_response(conn, :no_content)
277 test "returns 403 when requested by a non-admin", %{conn: conn} do
282 |> assign(:user, user)
283 |> put("/api/pleroma/admin/users/#{user.nickname}/activation_status", %{status: false})
285 assert json_response(conn, :forbidden)
289 describe "POST /api/pleroma/admin/email_invite, with valid config" do
291 registrations_open = Pleroma.Config.get([:instance, :registrations_open])
292 invites_enabled = Pleroma.Config.get([:instance, :invites_enabled])
293 Pleroma.Config.put([:instance, :registrations_open], false)
294 Pleroma.Config.put([:instance, :invites_enabled], true)
297 Pleroma.Config.put([:instance, :registrations_open], registrations_open)
298 Pleroma.Config.put([:instance, :invites_enabled], invites_enabled)
302 [user: insert(:user, info: %{is_admin: true})]
305 test "sends invitation and returns 204", %{conn: conn, user: user} do
306 recipient_email = "foo@bar.com"
307 recipient_name = "J. D."
311 |> assign(:user, user)
313 "/api/pleroma/admin/users/email_invite?email=#{recipient_email}&name=#{recipient_name}"
316 assert json_response(conn, :no_content)
318 token_record = List.last(Pleroma.Repo.all(Pleroma.UserInviteToken))
320 refute token_record.used
322 notify_email = Pleroma.Config.get([:instance, :notify_email])
323 instance_name = Pleroma.Config.get([:instance, :name])
326 Pleroma.Emails.UserEmail.user_invitation_email(
333 Swoosh.TestAssertions.assert_email_sent(
334 from: {instance_name, notify_email},
335 to: {recipient_name, recipient_email},
336 html_body: email.html_body
340 test "it returns 403 if requested by a non-admin", %{conn: conn} do
341 non_admin_user = insert(:user)
345 |> assign(:user, non_admin_user)
346 |> post("/api/pleroma/admin/users/email_invite?email=foo@bar.com&name=JD")
348 assert json_response(conn, :forbidden)
352 describe "POST /api/pleroma/admin/users/email_invite, with invalid config" do
354 [user: insert(:user, info: %{is_admin: true})]
357 test "it returns 500 if `invites_enabled` is not enabled", %{conn: conn, user: user} do
358 registrations_open = Pleroma.Config.get([:instance, :registrations_open])
359 invites_enabled = Pleroma.Config.get([:instance, :invites_enabled])
360 Pleroma.Config.put([:instance, :registrations_open], false)
361 Pleroma.Config.put([:instance, :invites_enabled], false)
364 Pleroma.Config.put([:instance, :registrations_open], registrations_open)
365 Pleroma.Config.put([:instance, :invites_enabled], invites_enabled)
371 |> assign(:user, user)
372 |> post("/api/pleroma/admin/users/email_invite?email=foo@bar.com&name=JD")
374 assert json_response(conn, :internal_server_error)
377 test "it returns 500 if `registrations_open` is enabled", %{conn: conn, user: user} do
378 registrations_open = Pleroma.Config.get([:instance, :registrations_open])
379 invites_enabled = Pleroma.Config.get([:instance, :invites_enabled])
380 Pleroma.Config.put([:instance, :registrations_open], true)
381 Pleroma.Config.put([:instance, :invites_enabled], true)
384 Pleroma.Config.put([:instance, :registrations_open], registrations_open)
385 Pleroma.Config.put([:instance, :invites_enabled], invites_enabled)
391 |> assign(:user, user)
392 |> post("/api/pleroma/admin/users/email_invite?email=foo@bar.com&name=JD")
394 assert json_response(conn, :internal_server_error)
398 test "/api/pleroma/admin/invite_token" do
399 admin = insert(:user, info: %{is_admin: true})
403 |> assign(:user, admin)
404 |> put_req_header("accept", "application/json")
405 |> get("/api/pleroma/admin/invite_token")
407 assert conn.status == 200
410 test "/api/pleroma/admin/users/:nickname/password_reset" do
411 admin = insert(:user, info: %{is_admin: true})
416 |> assign(:user, admin)
417 |> put_req_header("accept", "application/json")
418 |> get("/api/pleroma/admin/users/#{user.nickname}/password_reset")
420 assert conn.status == 200
423 describe "GET /api/pleroma/admin/users" do
425 admin = insert(:user, info: %{is_admin: true})
429 |> assign(:user, admin)
431 {:ok, conn: conn, admin: admin}
434 test "renders users array for the first page", %{conn: conn, admin: admin} do
435 user = insert(:user, local: false, tags: ["foo", "bar"])
436 conn = get(conn, "/api/pleroma/admin/users?page=1")
438 assert json_response(conn, 200) == %{
443 "deactivated" => admin.info.deactivated,
445 "nickname" => admin.nickname,
446 "roles" => %{"admin" => true, "moderator" => false},
451 "deactivated" => user.info.deactivated,
453 "nickname" => user.nickname,
454 "roles" => %{"admin" => false, "moderator" => false},
456 "tags" => ["foo", "bar"]
462 test "renders empty array for the second page", %{conn: conn} do
465 conn = get(conn, "/api/pleroma/admin/users?page=2")
467 assert json_response(conn, 200) == %{
474 test "regular search", %{conn: conn} do
475 user = insert(:user, nickname: "bob")
477 conn = get(conn, "/api/pleroma/admin/users?query=bo")
479 assert json_response(conn, 200) == %{
484 "deactivated" => user.info.deactivated,
486 "nickname" => user.nickname,
487 "roles" => %{"admin" => false, "moderator" => false},
495 test "search by domain", %{conn: conn} do
496 user = insert(:user, nickname: "nickname@domain.com")
499 conn = get(conn, "/api/pleroma/admin/users?query=domain.com")
501 assert json_response(conn, 200) == %{
506 "deactivated" => user.info.deactivated,
508 "nickname" => user.nickname,
509 "roles" => %{"admin" => false, "moderator" => false},
517 test "search by full nickname", %{conn: conn} do
518 user = insert(:user, nickname: "nickname@domain.com")
521 conn = get(conn, "/api/pleroma/admin/users?query=nickname@domain.com")
523 assert json_response(conn, 200) == %{
528 "deactivated" => user.info.deactivated,
530 "nickname" => user.nickname,
531 "roles" => %{"admin" => false, "moderator" => false},
539 test "search by display name", %{conn: conn} do
540 user = insert(:user, name: "Display name")
543 conn = get(conn, "/api/pleroma/admin/users?name=display")
545 assert json_response(conn, 200) == %{
550 "deactivated" => user.info.deactivated,
552 "nickname" => user.nickname,
553 "roles" => %{"admin" => false, "moderator" => false},
561 test "search by email", %{conn: conn} do
562 user = insert(:user, email: "email@example.com")
565 conn = get(conn, "/api/pleroma/admin/users?email=email@example.com")
567 assert json_response(conn, 200) == %{
572 "deactivated" => user.info.deactivated,
574 "nickname" => user.nickname,
575 "roles" => %{"admin" => false, "moderator" => false},
583 test "regular search with page size", %{conn: conn} do
584 user = insert(:user, nickname: "aalice")
585 user2 = insert(:user, nickname: "alice")
587 conn1 = get(conn, "/api/pleroma/admin/users?query=a&page_size=1&page=1")
589 assert json_response(conn1, 200) == %{
594 "deactivated" => user.info.deactivated,
596 "nickname" => user.nickname,
597 "roles" => %{"admin" => false, "moderator" => false},
604 conn2 = get(conn, "/api/pleroma/admin/users?query=a&page_size=1&page=2")
606 assert json_response(conn2, 200) == %{
611 "deactivated" => user2.info.deactivated,
613 "nickname" => user2.nickname,
614 "roles" => %{"admin" => false, "moderator" => false},
622 test "only local users" do
623 admin = insert(:user, info: %{is_admin: true}, nickname: "john")
624 user = insert(:user, nickname: "bob")
626 insert(:user, nickname: "bobb", local: false)
630 |> assign(:user, admin)
631 |> get("/api/pleroma/admin/users?query=bo&filters=local")
633 assert json_response(conn, 200) == %{
638 "deactivated" => user.info.deactivated,
640 "nickname" => user.nickname,
641 "roles" => %{"admin" => false, "moderator" => false},
649 test "only local users with no query", %{admin: old_admin} do
650 admin = insert(:user, info: %{is_admin: true}, nickname: "john")
651 user = insert(:user, nickname: "bob")
653 insert(:user, nickname: "bobb", local: false)
657 |> assign(:user, admin)
658 |> get("/api/pleroma/admin/users?filters=local")
660 assert json_response(conn, 200) == %{
665 "deactivated" => user.info.deactivated,
667 "nickname" => user.nickname,
668 "roles" => %{"admin" => false, "moderator" => false},
673 "deactivated" => admin.info.deactivated,
675 "nickname" => admin.nickname,
676 "roles" => %{"admin" => true, "moderator" => false},
681 "deactivated" => false,
682 "id" => old_admin.id,
684 "nickname" => old_admin.nickname,
685 "roles" => %{"admin" => true, "moderator" => false},
692 test "load only admins", %{conn: conn, admin: admin} do
693 second_admin = insert(:user, info: %{is_admin: true})
697 conn = get(conn, "/api/pleroma/admin/users?filters=is_admin")
699 assert json_response(conn, 200) == %{
704 "deactivated" => false,
706 "nickname" => admin.nickname,
707 "roles" => %{"admin" => true, "moderator" => false},
708 "local" => admin.local,
712 "deactivated" => false,
713 "id" => second_admin.id,
714 "nickname" => second_admin.nickname,
715 "roles" => %{"admin" => true, "moderator" => false},
716 "local" => second_admin.local,
723 test "load only moderators", %{conn: conn} do
724 moderator = insert(:user, info: %{is_moderator: true})
728 conn = get(conn, "/api/pleroma/admin/users?filters=is_moderator")
730 assert json_response(conn, 200) == %{
735 "deactivated" => false,
736 "id" => moderator.id,
737 "nickname" => moderator.nickname,
738 "roles" => %{"admin" => false, "moderator" => true},
739 "local" => moderator.local,
746 test "load users with tags list", %{conn: conn} do
747 user1 = insert(:user, tags: ["first"])
748 user2 = insert(:user, tags: ["second"])
752 conn = get(conn, "/api/pleroma/admin/users?tags[]=first&tags[]=second")
754 assert json_response(conn, 200) == %{
759 "deactivated" => false,
761 "nickname" => user1.nickname,
762 "roles" => %{"admin" => false, "moderator" => false},
763 "local" => user1.local,
767 "deactivated" => false,
769 "nickname" => user2.nickname,
770 "roles" => %{"admin" => false, "moderator" => false},
771 "local" => user2.local,
778 test "it works with multiple filters" do
779 admin = insert(:user, nickname: "john", info: %{is_admin: true})
780 user = insert(:user, nickname: "bob", local: false, info: %{deactivated: true})
782 insert(:user, nickname: "ken", local: true, info: %{deactivated: true})
783 insert(:user, nickname: "bobb", local: false, info: %{deactivated: false})
787 |> assign(:user, admin)
788 |> get("/api/pleroma/admin/users?filters=deactivated,external")
790 assert json_response(conn, 200) == %{
795 "deactivated" => user.info.deactivated,
797 "nickname" => user.nickname,
798 "roles" => %{"admin" => false, "moderator" => false},
799 "local" => user.local,
807 test "PATCH /api/pleroma/admin/users/:nickname/toggle_activation" do
808 admin = insert(:user, info: %{is_admin: true})
813 |> assign(:user, admin)
814 |> patch("/api/pleroma/admin/users/#{user.nickname}/toggle_activation")
816 assert json_response(conn, 200) ==
818 "deactivated" => !user.info.deactivated,
820 "nickname" => user.nickname,
821 "roles" => %{"admin" => false, "moderator" => false},
827 describe "GET /api/pleroma/admin/users/invite_token" do
829 admin = insert(:user, info: %{is_admin: true})
833 |> assign(:user, admin)
838 test "without options", %{conn: conn} do
839 conn = get(conn, "/api/pleroma/admin/users/invite_token")
841 token = json_response(conn, 200)
842 invite = UserInviteToken.find_by_token!(token)
844 refute invite.expires_at
845 refute invite.max_use
846 assert invite.invite_type == "one_time"
849 test "with expires_at", %{conn: conn} do
851 get(conn, "/api/pleroma/admin/users/invite_token", %{
852 "invite" => %{"expires_at" => Date.to_string(Date.utc_today())}
855 token = json_response(conn, 200)
856 invite = UserInviteToken.find_by_token!(token)
859 assert invite.expires_at == Date.utc_today()
860 refute invite.max_use
861 assert invite.invite_type == "date_limited"
864 test "with max_use", %{conn: conn} do
866 get(conn, "/api/pleroma/admin/users/invite_token", %{
867 "invite" => %{"max_use" => 150}
870 token = json_response(conn, 200)
871 invite = UserInviteToken.find_by_token!(token)
873 refute invite.expires_at
874 assert invite.max_use == 150
875 assert invite.invite_type == "reusable"
878 test "with max use and expires_at", %{conn: conn} do
880 get(conn, "/api/pleroma/admin/users/invite_token", %{
881 "invite" => %{"max_use" => 150, "expires_at" => Date.to_string(Date.utc_today())}
884 token = json_response(conn, 200)
885 invite = UserInviteToken.find_by_token!(token)
887 assert invite.expires_at == Date.utc_today()
888 assert invite.max_use == 150
889 assert invite.invite_type == "reusable_date_limited"
893 describe "GET /api/pleroma/admin/users/invites" do
895 admin = insert(:user, info: %{is_admin: true})
899 |> assign(:user, admin)
904 test "no invites", %{conn: conn} do
905 conn = get(conn, "/api/pleroma/admin/users/invites")
907 assert json_response(conn, 200) == %{"invites" => []}
910 test "with invite", %{conn: conn} do
911 {:ok, invite} = UserInviteToken.create_invite()
913 conn = get(conn, "/api/pleroma/admin/users/invites")
915 assert json_response(conn, 200) == %{
920 "invite_type" => "one_time",
922 "token" => invite.token,
931 describe "POST /api/pleroma/admin/users/revoke_invite" do
933 admin = insert(:user, info: %{is_admin: true})
934 {:ok, invite} = UserInviteToken.create_invite()
938 |> assign(:user, admin)
939 |> post("/api/pleroma/admin/users/revoke_invite", %{"token" => invite.token})
941 assert json_response(conn, 200) == %{
944 "invite_type" => "one_time",
946 "token" => invite.token,